DLP Templates

At the Microsoft Exchange Conference 2014 in Austin, Texas I ran a session on DLP templates. This blog post was linked from the slides and contains the examples I used in the session. To download any of the samples click the links below:

• ContosoPharma.xml – the DLP data classification file to add the ability to detect new data patterns from the below sample documents
• DLP Pharmaceutical Product Sheets.zip – these are pretend pharmaceutical product documents, some of which contain “company sensitive information” and so DLP can be configured to block this type of document.
• DLPPolicyTemplate.xml – this XML file contains the settings to create a DLP policy, upload the above data classification and create some DLP rules.

The documents above contain the product code for products currently in development at Contoso Pharmaceuticals. The format of the product code is as follows:

• Three letters (but never IJLOQUV)/Year of development/The letter D/Five digits/Letter(EGKP only)
  • i.e. AAA2013D2958K
  • Documents that contain product codes that match this rule must be blocked from sending to external recipients.
  • If product code ends in P then email containing code or documents containing code must be Private when sent to internal staff (never goes outside anyway) i.e. RMS must be applied to message.
  • If the code does not meet the above classification then it is not to be blocked, as it is a released product and so can be emailed freely.

To that end, the above DLP classification describes two document sets as follows:

• Restricted: [A-HKM-NPR-TW-Z]{3}(19|20|21)\d{2}D\d{4}[EGK]
• Private: [A-HKM-NPR-TW-Z]{3}(19|20|21)\d{2}D\d{4}[P]